- 'There are two types of phishing vectors – one the malicious attachment…and two, URLs to malicious sites'.

- 'The average cost of a data breach is $3.5m, up 15% from 2013', discussing the Ponemon Institute ‘2014 Cost of a Data Breach Study: Global Analysis’ sponsored by IBM. Interestingly, class action lawsuits by affected customers are part of the calculation and might be a rising trend for organizations to address.

- 'As it becomes more common for remote workers to operate outside of VPNs (BYOD and BYOC), enterprises must protect the user when they actually click'. 'Even if users could put something on their mobile device to protect them, they are hesitant from a user experience perspective.' - this was one of the key points in the session, as traditional approaches to security only protect users on the network and corporate managed devices. It’s important to think beyond this given BYOD and remote working. Protection must be available no matter the device used to access corporate email systems, without increasing the IT overhead or adversely affecting the users’ experience. As Rick suggested, organizations must ‘protect the click’.

- 'Sometimes the URL isn’t bad at the time of delivery': the attacker may turn the server over from benign to malicious after the email is sent.

- 'URL rewriting is emerging to protect the user…I recommended it as an RFP requirement.'

- 'Whatever the culture of the organization, use that to (tailor) security training…increasing awareness and propensity to report incidents.'

- '(Phishing) is only going to get more and more sophisticated.' - which is why the protection organizations put in place now must be able to stay ahead of the attackers.
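Time-of-click URL rewriting, as Rick describes it above, in an added illustration that is not code from Mimecast or the speakers: every link in the message body is redirected through a hypothetical checking gateway (the gateway address and signing key are constructed for the demo), so a site that was clean at delivery and turned malicious later is still blocked when the user actually clicks.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlparse

# Constructed values for the demo: a hypothetical click-check gateway and
# a signing key. A real service uses its own domain and a managed secret.
GATEWAY = "https://protect.example.invalid/click"
SECRET = b"constructed-demo-key"

def _sign(url):
    # HMAC over the original URL so a rewritten link cannot be altered to
    # send the gateway to a different destination than the one we wrapped.
    return hmac.new(SECRET, url.encode(), hashlib.sha256).hexdigest()[:16]

def rewrite_links(html):
    """Rewrite every href in an email body to go via the gateway.

    The original destination travels in the query string, so the verdict
    is made when the user clicks, not when the mail was delivered."""
    def repl(match):
        original = match.group(1)
        return f'href="{GATEWAY}?u={quote(original, safe="")}&s={_sign(original)}"'
    return re.sub(r'href="([^"]+)"', repl, html)

def resolve_click(gateway_url, is_malicious):
    """Gateway-side handling of a click: verify, then check the current verdict.

    is_malicious stands in for the gateway's reputation lookup; it is passed
    in so the demo can show the verdict changing after delivery."""
    query = parse_qs(urlparse(gateway_url).query)
    original, sig = query["u"][0], query["s"][0]
    if not hmac.compare_digest(sig, _sign(original)):
        return "reject", original          # tampered or forged rewritten link
    if is_malicious(original):
        return "block", original           # bad now, even if clean at delivery
    return "allow", original

def demo():
    # Constructed scenario: the site is clean at delivery and goes bad later.
    reputation = {"http://news.example.invalid/story": False}
    mail = rewrite_links('<a href="http://news.example.invalid/story">Read</a>')
    link = re.search(r'href="([^"]+)"', mail).group(1)
    at_delivery = resolve_click(link, lambda u: reputation.get(u, False))
    reputation["http://news.example.invalid/story"] = True   # server turned malicious
    at_click = resolve_click(link, lambda u: reputation.get(u, False))
    return at_delivery[0], at_click[0]

if __name__ == "__main__":
    print(demo())   # ('allow', 'block')
```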

Steve Malone, Security Product Manager, Mimecast:

- 'Phishing is viewed as a technology problem…the usual approach is to add more technology. But the issue is that adding more technology is actually increasing complexity.' Steve further explained that the most successful approach is two-fold: choosing the right technology coupled with user education.

- 'As we’ve got better at protecting against these attacks, the attackers have moved the goal posts. We now have to assume all the links in emails are bad.'

- 'Clean up (post-attack) is generally very difficult and time consuming and the root cause is not addressed.'

- 'We’re building into the service a real-time education component for users.'

It’s clear from the interest and the great questions we received at the end of the presentations that this is a hot topic. The evolution of threats is forcing IT teams to rethink the planning, purchasing and management of their business security systems. In addition, it’s being recognized that in order to stay ahead of the attackers, technology alone is not the answer – the complete solution needs to account for this and train users in a new way.

Please leave a comment or @reply me at @orlando_sc if you’ve any particular areas you want us to cover in our follow up posts.

Orlando Scott-Cowley is Mimecast's cybersecurity strategist. He has worked in the IT security industry for his entire career and, prior to joining Mimecast in 2006, worked with governments, businesses, vendors, resellers and in consultancy.
Orlando's evangelism for Mimecast includes writing and speaking for influential publications and events on a variety of topics, from compliance, archiving, security and continuity to, in particular, the emergence of cloud and SaaS technologies.